If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

PRAEDA: A Automated Printer Data Harvesting Tool!!!

Exciting times! I wish to stay awake all night long and know whats going on at ShmooCon! Unfortunately, I haven’t been there evar! Anyways, about Praeda, it helps you to leverage Multifunction Printers during penetration tests and gain access to other core network systems! It is a known fact that most printers are left unsecured in an organization with default passwords and sometimes the network interface is open to the internet! This is evident from several of our Shodan Queries and Google Dorks. Incidentally, Praeda means to plunder, spoils of war, booty taken in a war (penetration test in our case!).

By taking advantage of poor printer security and vulnerabilities during penetration testing we are able to harvest a wealth of information from MFP devices including user-names, email addresses, user address books, authentication information including SMB, Email, LDAP passwords, etc. Sometimes, they could also aid you in remote retrieval of prints, faxes, scan copies! Certain printer installations could also allow you to access the HTTP interface, and make a configuration copy! This could allow you to further see the internals! In short, PRAEDA is designed to automate some of the information gathering from network appliances through web-management interfaces such as printers and network appliances.

This open source tool is programmed in Perl and has several modules that focus on almost 28 devices in all! The module to be used is enumerated from the different models of printers using “Title page” and “Server type” responses from the printer management page.

Its required Perl modules are:

LWP::Simple
LWP::UserAgent
HTML::TagParser
URI::Fetch
HTTP::Cookies

Sample syntax:

praeto.pl TARGET_FILE TCP_PORT PROJECT_NAME OUTPUT_FILE

All of the results will create a folder called “project1” and save all information in that folder. Also will create a log file called data-file.log to hold information.

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.